When they enter a new password, you could generate a new salt and store
that with the user record. The old password effectively gets invalidated;
store the new hashed+salted passwords plus several new fake ones to
throw bad guys off the trail.
On 04/23/2014 03:41 PM, [email protected] wrote:
And how do you handle getting rid of prior access when the user
updates his password? You don't want his old password to work.
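
The password-change flow described in the message above, as an added example that is not part of the original post. The record layout, the function names, PBKDF2-SHA256 and the constants are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 100_000  # assumed work factor for this sketch; tune for your hardware
DECOYS = 3            # assumed number of fake entries stored per user


def _digest(password: str, salt: bytes) -> bytes:
    """Salted, slow hash of the password (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def set_password(record: dict, new_password: str) -> None:
    """Replace every stored entry: fresh salt for the real hash, fresh decoys."""
    salt = secrets.token_bytes(16)
    entries = [(salt, _digest(new_password, salt))]
    # Decoys are random salt/digest pairs: same shape as a real entry,
    # but they correspond to no password.
    entries += [(secrets.token_bytes(16), secrets.token_bytes(32))
                for _ in range(DECOYS)]
    secrets.SystemRandom().shuffle(entries)  # position must not reveal the real one
    # Overwrite rather than append: the old salt and hash are gone, so the
    # old password can no longer verify.
    record["credentials"] = entries


def verify_password(record: dict, candidate: str) -> bool:
    """True if the candidate matches any stored entry."""
    ok = False
    for salt, stored in record.get("credentials", []):
        # Check every entry, with a constant-time compare, so timing does
        # not show which entry is the real one.
        ok |= hmac.compare_digest(_digest(candidate, salt), stored)
    return ok


if __name__ == "__main__":
    user = {"name": "constructed-user"}  # constructed sample record
    set_password(user, "first-pass")
    set_password(user, "second-pass")
    print(verify_password(user, "second-pass"), verify_password(user, "first-pass"))
```

Because each entry has its own salt, a login costs one hash computation per stored entry, so the decoy count trades server time against the extra work an offline guesser has to do.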